package Moxy::Plugin::StripScripts;
use strict;
use warnings;
use base qw/Moxy::Plugin/;
use Moxy::Util;
use HTML::StripScripts::Parser;

sub security_filter : Hook {
    my ($self, $context, $args) = @_;

    return unless (($args->{response}->header('Content-Type')||'') =~ /html/);

    $context->log("debug" => "strip scripts");

    $args->{response}->content(do {
        my $hss = HTML::StripScripts::Parser->new(
            {
                Context             => 'Document',
                AllowSrc            => 1,
                AllowHref           => 1,
            },
            strict_comments => 1,
            strict_names    => 1,
        );
        $hss->parse( $args->{response}->content );
        $hss->eof;
        $hss->filtered_document;
    });
}

1;
__END__

=head1 NAME

Moxy::Plugin::StripScripts - Strip scripting constructs out of HTML

=head1 SYNOPSIS

  - module: StripScripts

=head1 DESCRIPTION

XXX THIS PLUGIN STRIPS A LOT OF TAGS! TOOOOO STRICT!! DO NO USE THIS ! XXX

remove javascript from response.

=head1 AUTHOR

    Tokuhiro Matsuno

=head1 SEE ALSO

L<Moxy>, L<HTML::StripScripts>, L<HTML::StripScripts::Parser>